diff options
| author | Adeodato Simó <dato@net.com.org.es> | 2008-02-29 19:26:53 +0100 |
|---|---|---|
| committer | martin f. krafft <madduck@madduck.net> | 2008-02-29 19:29:44 +0100 |
| commit | be0b4f603f918444b906e42825908ddac78b7073 (patch) | |
| tree | 456ecd08fba0f23ce85d48eaf7ab2cbe405c623c | |
| parent | 12c5361c737345fb807f44e93987b442d52d9218 (diff) | |
Allow colons in URLs after the first slash
A new regexp fixes this bug:
http://ikiwiki.info/bugs/No_link_for_blog_items_when_filename_contains_a_colon/
I traced this down to htmlscrubber. If disabled,
it works. If enabled, then $safe_url_regexp
determines the URL unsafe because of the colon and
hence removes the src attribute.
Digging into this, I find that RFC 3986 pretty
much discourages colons in filenames:
"""
A path segment that contains a colon character
(e.g., "this:that") cannot be used as the first
segment of a relative-path reference, as it would
be mistaken for a scheme name. Such a segment must
be preceded by a dot-segment (e.g., "./this:that")
to make a relative- path reference.
"""
on the other hand, with usedirs, any link to
another page will be prepended by ../ anyway, so
that makes them okay again.
The solution still seems not to use colons.
In any case, htmlscrubber should get a new regexp,
courtesy of dato.
I have tested and verified this.
Signed-off-by: martin f. krafft <madduck@madduck.net>
| -rw-r--r-- | IkiWiki/Plugin/htmlscrubber.pm | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/IkiWiki/Plugin/htmlscrubber.pm b/IkiWiki/Plugin/htmlscrubber.pm index 7ce07ee9a..3bdaccea1 100644 --- a/IkiWiki/Plugin/htmlscrubber.pm +++ b/IkiWiki/Plugin/htmlscrubber.pm @@ -31,7 +31,7 @@ sub import { #{{{ ); # data is a special case. Allow data:image/*, but # disallow data:text/javascript and everything else. - $safe_url_regexp=qr/^(?:(?:$uri_schemes):|data:image\/|[^:]+$)/i; + $safe_url_regexp=qr/^(?:(?:$uri_schemes):|data:image\/|[^:]+(?:$|\/))/i; } # }}} sub sanitize (@) { #{{{ |